An Ontology Design Pattern for Describing Personal Data in Privacy Policies

Privacy laws such as the General Data Protection Regulation(GDPR) specify several obligations involving personal data. A privacy policy is a document that provides information for legal compliance onhow personal data is collected, used, stored, and shared, which is essential for understanding their privacy implications. Approaches such as the Us-ablePrivacy project that extract information from the text of the privacy policy need to structure it in a manner suitable for machine processing.Semantic web has been proven to be suitable to represent this knowledge as a set of queryable concepts and relationships. However, there is a large overlap between different projects and approaches targeting the privacy policy that does not take advantage of the significant similarity of its underlying information. We present an ontology design pattern to aid these efforts in representing and modelling information related to personal data within a privacy policy. The pattern aims to assist the existing ecosystem of machine-based approaches for interpretation and visualisation of privacy policies by providing a common structured representation to ease modelling and sharing of related information.